I'm using isakmpd to manage an IPsec VPN between OpenBSD 5.8 <-> OpenBSD
6.0. This also manages a VPN between Mac OS X/IPsecuritas and OpenBSD 6.0.

The example describes a situation where you have one self-signed root
certificate located in /etc/isakmpd/ca/root.crt and otherside::client.crt
from the other side which should be signed by root.crt. My situation is
slightly different. I have:

    otherside::client.crt

        (signed by) /etc/isakmpd/ca/intermediate.crt
        
            (signed by) /etc/isakmpd/ca/root.crt

But I'm having trouble getting this going. As I read the source code in
x509.c I can see that isakmpd is at least reading and hashing all the certs
in /etc/isakmpd/ca. Is there something special that I have to do to have it
chain intermediate.crt -> root.crt so it can use client.crt without having
to put client.crt into /etc/isakmpd/certs?

Thanks for all your help!

-- Chris
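
An added example, not part of the original post and not isakmpd code: a way to confirm with the openssl command-line tool that a root -> intermediate -> client chain like the one described is valid on its own, and that the intermediate carries CA:TRUE, before debugging the daemon. The throwaway PKI, its file names and its subjects are constructed for the example; it says nothing about how isakmpd itself builds chains.

```shell
#!/bin/sh
# Constructed throwaway PKI mirroring the post: root -> intermediate -> client.
# Every file name, subject and lifetime here is made up for the example.

mkreq() {  # $1=dir $2=basename $3=CN : new key + CSR
    openssl req -config "$1/pki.cnf" -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

sign() {  # $1=dir $2=basename $3=extension section, rest = issuer options
    d=$1; n=$2; ext=$3; shift 3
    openssl x509 -req -in "$d/$n.csr" -days 2 -extfile "$d/pki.cnf" \
        -extensions "$ext" -out "$d/$n.crt" "$@" 2>/dev/null
}

build_chain() {  # $1 = writable working directory
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
        '[ca]' 'basicConstraints=critical,CA:TRUE' \
        '[leaf]' 'basicConstraints=CA:FALSE' > "$1/pki.cnf"
    mkreq "$1" root "Example Root" &&
    sign "$1" root ca -signkey "$1/root.key" &&
    mkreq "$1" intermediate "Example Intermediate" &&
    sign "$1" intermediate ca -CA "$1/root.crt" -CAkey "$1/root.key" -CAcreateserial &&
    mkreq "$1" client "client.example" &&
    sign "$1" client leaf -CA "$1/intermediate.crt" -CAkey "$1/intermediate.key" -CAcreateserial
}

is_ca() {  # succeeds if the certificate carries basicConstraints CA:TRUE
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

chain_ok() {  # $1=trust anchor, $2=certificate to check, optional $3=untrusted intermediate
    # Match on the "OK" line rather than the exit status, which old releases do not set.
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1
    else
        openssl verify -CAfile "$1" "$2" 2>&1
    fi | grep -q ': OK$'
}

work=$(mktemp -d) && build_chain "$work" || exit 1
is_ca "$work/intermediate.crt" && echo "intermediate is a CA"
chain_ok "$work/root.crt" "$work/client.crt" "$work/intermediate.crt" &&
    echo "root as anchor + intermediate supplied: chain verifies"
chain_ok "$work/root.crt" "$work/client.crt" ||
    echo "root alone: no path to client.crt"
```

To check real certificates instead, call `chain_ok` and `is_ca` with the paths to the actual root, intermediate and client files.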
